The company behind Hilton Hotels is paying a $700,000 (£525,000) fine after being accused of mishandling two separate credit card data breaches.

The attacks were in 2014 and 2015.

More than 363,000 accounts were put at risk, although it remains unclear whether the perpetrators managed to extract any details.

US government investigators said the firm had taken too long to warn customers and had lacked adequate security measures.

The penalty will be divided between the states of New York and Vermont. Their attorneys general agreed the settlement with the company, which operates properties under the Waldorf Astoria, Conrad Hotels and DoubleTree brands in addition to Hilton.

Malware alerts

The first of the two cases was discovered in February 2015, when Hilton learned that one of its UK-based systems was communicating with a suspicious computer outside its network.

In the second incident, an intrusion detection system alerted Hilton to another problem in July 2015. A subsequent probe revealed that payment card data had again been targeted by malware since April of the same year.

Although the Virginia-headquartered firm still maintains it found no proof that any data had been stolen in either case, the attorney generals noted that the intruders had used anti-forensic tools that had made it impossible to determine exactly what had been done.

As part of the settlement, Hilton has promised to disclose future breaches more quickly and to perform regular security tests, among other enhanced safety efforts.

"Hilton is strongly committed to protecting our customers' payment card information and maintaining the integrity of our systems," the company said in a statement.